<!DOCTYPE html>
<head>
<meta charset="UTF-8">
<style>
.r1 {color: #00ff00; text-decoration-color: #00ff00}
.r2 {font-weight: bold}
.r3 {color: #008080; text-decoration-color: #008080; font-weight: bold}
.r4 {color: #00ff00; text-decoration-color: #00ff00; font-weight: bold}
.r5 {color: #800000; text-decoration-color: #800000}
.r6 {color: #008000; text-decoration-color: #008000}
body {
    color: #000000;
    background-color: #ffffff;
}
</style>
</head>
<html>
<body>
    <code>
        <pre style="font-family:Menlo,'DejaVu Sans Mono',consolas,'Courier New',monospace"><span class="r1">*  *  *  *  *  *  *  *  *  *  *  *  *  *   </span><span class="r2">HARDENEKS</span><span class="r1"> *  *  *  *  *  *  *  *  *  *  *  *  *  *  </span>
You are operating at us-east-<span class="r3">2</span>
You context is arn:aws:eks:us-east-<span class="r4">2:4244</span>3238<span class="r4">8155:c</span>luster/dev-demo
Your cluster name is dev-demo
You are using config.yaml as your config file

╭───────────────────────────────── <span class="r3">cluster_autoscaling rules</span> ─────────────────────────────────╮
│ ┏━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━┳━━━━━━━━━━┳━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┓ │
│ ┃<span class="r2"> Section        </span>┃<span class="r2"> Namespace    </span>┃<span class="r2"> Rule           </span>┃<span class="r2"> Resource </span>┃<span class="r2"> Resource Type  </span>┃<span class="r2"> Resolution </span>┃ │
│ ┡━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━╇━━━━━━━━━━╇━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━┩ │
│ │<span class="r5"> cluster_autos… </span>│<span class="r5"> Cluster Wide </span>│<span class="r5"> Cluster        </span>│<span class="r5">          </span>│<span class="r5"> Deployment     </span>│<span class="r5"> </span><a class="r5" href="https://aws.github.io/aws-eks-best-practices/cluster-autoscaling/">Link</a><span class="r5">       </span>│ │
│ │<span class="r5">                </span>│<span class="r5">              </span>│<span class="r5"> Autoscaler or  </span>│<span class="r5">          </span>│<span class="r5">                </span>│<span class="r5">            </span>│ │
│ │<span class="r5">                </span>│<span class="r5">              </span>│<span class="r5"> Karpenter is   </span>│<span class="r5">          </span>│<span class="r5">                </span>│<span class="r5">            </span>│ │
│ │<span class="r5">                </span>│<span class="r5">              </span>│<span class="r5"> not deployed.  </span>│<span class="r5">          </span>│<span class="r5">                </span>│<span class="r5">            </span>│ │
│ │<span class="r6"> cluster_autos… </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Cross version  </span>│<span class="r6">          </span>│<span class="r6"> Deployment     </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/cluster-autoscaling/#operating-the-cluster-autoscaler">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">                </span>│<span class="r6">              </span>│<span class="r6"> compatibility  </span>│<span class="r6">          </span>│<span class="r6">                </span>│<span class="r6">            </span>│ │
│ │<span class="r6">                </span>│<span class="r6">              </span>│<span class="r6"> between CA and </span>│<span class="r6">          </span>│<span class="r6">                </span>│<span class="r6">            </span>│ │
│ │<span class="r6">                </span>│<span class="r6">              </span>│<span class="r6"> k8s is not     </span>│<span class="r6">          </span>│<span class="r6">                </span>│<span class="r6">            </span>│ │
│ │<span class="r6">                </span>│<span class="r6">              </span>│<span class="r6"> recommended.   </span>│<span class="r6">          </span>│<span class="r6">                </span>│<span class="r6">            </span>│ │
│ │<span class="r6"> cluster_autos… </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Auto discovery </span>│<span class="r6">          </span>│<span class="r6"> Deployment     </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/cluster-autoscaling/#operating-the-cluster-autoscaler">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">                </span>│<span class="r6">              </span>│<span class="r6"> is not enabled </span>│<span class="r6">          </span>│<span class="r6">                </span>│<span class="r6">            </span>│ │
│ │<span class="r6">                </span>│<span class="r6">              </span>│<span class="r6"> for Cluster    </span>│<span class="r6">          </span>│<span class="r6">                </span>│<span class="r6">            </span>│ │
│ │<span class="r6">                </span>│<span class="r6">              </span>│<span class="r6"> Autoscaler.    </span>│<span class="r6">          </span>│<span class="r6">                </span>│<span class="r6">            </span>│ │
│ │<span class="r6"> cluster_autos… </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Cluster-autos… </span>│<span class="r6">          </span>│<span class="r6"> Deployment     </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/cluster-autoscaling/#employ-least-privileged-access-to-the-iam-role">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">                </span>│<span class="r6">              </span>│<span class="r6"> deployment     </span>│<span class="r6">          </span>│<span class="r6">                </span>│<span class="r6">            </span>│ │
│ │<span class="r6">                </span>│<span class="r6">              </span>│<span class="r6"> does not use a </span>│<span class="r6">          </span>│<span class="r6">                </span>│<span class="r6">            </span>│ │
│ │<span class="r6">                </span>│<span class="r6">              </span>│<span class="r6"> dedicated IAM  </span>│<span class="r6">          </span>│<span class="r6">                </span>│<span class="r6">            </span>│ │
│ │<span class="r6">                </span>│<span class="r6">              </span>│<span class="r6"> Role (IRSA).   </span>│<span class="r6">          </span>│<span class="r6">                </span>│<span class="r6">            </span>│ │
│ │<span class="r6"> cluster_autos… </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Cluster        </span>│<span class="r6">          </span>│<span class="r6"> IAM Role       </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/cluster-autoscaling/#employ-least-privileged-access-to-the-iam-role">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">                </span>│<span class="r6">              </span>│<span class="r6"> autoscaler     </span>│<span class="r6">          </span>│<span class="r6"> Action         </span>│<span class="r6">            </span>│ │
│ │<span class="r6">                </span>│<span class="r6">              </span>│<span class="r6"> role has       </span>│<span class="r6">          </span>│<span class="r6">                </span>│<span class="r6">            </span>│ │
│ │<span class="r6">                </span>│<span class="r6">              </span>│<span class="r6"> unnecessary    </span>│<span class="r6">          </span>│<span class="r6">                </span>│<span class="r6">            </span>│ │
│ │<span class="r6">                </span>│<span class="r6">              </span>│<span class="r6"> actions        </span>│<span class="r6">          </span>│<span class="r6">                </span>│<span class="r6">            </span>│ │
│ │<span class="r6">                </span>│<span class="r6">              </span>│<span class="r6"> assigned.      </span>│<span class="r6">          </span>│<span class="r6">                </span>│<span class="r6">            </span>│ │
│ │<span class="r6"> cluster_autos… </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Nodes are      </span>│<span class="r6">          </span>│<span class="r6"> Node           </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/cluster-autoscaling/#configuring-your-node-groups">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">                </span>│<span class="r6">              </span>│<span class="r6"> recommended to </span>│<span class="r6">          </span>│<span class="r6">                </span>│<span class="r6">            </span>│ │
│ │<span class="r6">                </span>│<span class="r6">              </span>│<span class="r6"> be part of a   </span>│<span class="r6">          </span>│<span class="r6">                </span>│<span class="r6">            </span>│ │
│ │<span class="r6">                </span>│<span class="r6">              </span>│<span class="r6"> managed noge   </span>│<span class="r6">          </span>│<span class="r6">                </span>│<span class="r6">            </span>│ │
│ │<span class="r6">                </span>│<span class="r6">              </span>│<span class="r6"> group.         </span>│<span class="r6">          </span>│<span class="r6">                </span>│<span class="r6">            </span>│ │
│ └────────────────┴──────────────┴────────────────┴──────────┴────────────────┴────────────┘ │
╰─────────────────────────────────────────────────────────────────────────────────────────────╯

╭───────────────────────────────────── <span class="r3">scalability rules</span> ─────────────────────────────────────╮
│ ┏━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━┳━━━━━━━━━━┳━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┓ │
│ ┃<span class="r2"> Section       </span>┃<span class="r2"> Namespace    </span>┃<span class="r2"> Rule            </span>┃<span class="r2"> Resource </span>┃<span class="r2"> Resource Type  </span>┃<span class="r2"> Resolution </span>┃ │
│ ┡━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━╇━━━━━━━━━━╇━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━┩ │
│ │<span class="r6"> control_plane </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> EKS Version     </span>│<span class="r6">          </span>│<span class="r6"> Cluster        </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/scalability/docs/control-plane/#use-eks-124-or-above">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">               </span>│<span class="r6">              </span>│<span class="r6"> Should be       </span>│<span class="r6">          </span>│<span class="r6"> Version        </span>│<span class="r6">            </span>│ │
│ │<span class="r6">               </span>│<span class="r6">              </span>│<span class="r6"> greater or      </span>│<span class="r6">          </span>│<span class="r6">                </span>│<span class="r6">            </span>│ │
│ │<span class="r6">               </span>│<span class="r6">              </span>│<span class="r6"> equal to 1.24.  </span>│<span class="r6">          </span>│<span class="r6">                </span>│<span class="r6">            </span>│ │
│ │<span class="r5"> control_plane </span>│<span class="r5"> Cluster Wide </span>│<span class="r5"> `disable-compr… </span>│<span class="r5">          </span>│<span class="r5"> Compression    </span>│<span class="r5"> </span><a class="r5" href="https://aws.github.io/aws-eks-best-practices/scalability/docs/control-plane/#disable-kubectl-compression">Link</a><span class="r5">       </span>│ │
│ │<span class="r5">               </span>│<span class="r5">              </span>│<span class="r5"> in kubeconfig   </span>│<span class="r5">          </span>│<span class="r5"> Setting        </span>│<span class="r5">            </span>│ │
│ │<span class="r5">               </span>│<span class="r5">              </span>│<span class="r5"> should equal    </span>│<span class="r5">          </span>│<span class="r5">                </span>│<span class="r5">            </span>│ │
│ │<span class="r5">               </span>│<span class="r5">              </span>│<span class="r5"> True            </span>│<span class="r5">          </span>│<span class="r5">                </span>│<span class="r5">            </span>│ │
│ └───────────────┴──────────────┴─────────────────┴──────────┴────────────────┴────────────┘ │
╰─────────────────────────────────────────────────────────────────────────────────────────────╯

╭────────────────────────────────────── <span class="r3">security rules</span> ───────────────────────────────────────╮
│ ┏━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┓ │
│ ┃<span class="r2"> Section      </span>┃<span class="r2"> Namespace    </span>┃<span class="r2"> Rule          </span>┃<span class="r2"> Resource     </span>┃<span class="r2"> Resource Type </span>┃<span class="r2"> Resolution </span>┃ │
│ ┡━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━╇━━━━━━━━━━━━┩ │
│ │<span class="r6"> iam          </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Don&#x27;t bind    </span>│<span class="r6">              </span>│<span class="r6"> ClusterRoleB… </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/security/docs/iam/#review-and-revoke-unnecessary-anonymous-access">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> clusterroles  </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> to            </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> anonymous/un… </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> groups.       </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r5"> iam          </span>│<span class="r5"> Cluster Wide </span>│<span class="r5"> EKS Cluster   </span>│<span class="r5">              </span>│<span class="r5"> Cluster       </span>│<span class="r5"> </span><a class="r5" href="https://aws.github.io/aws-eks-best-practices/security/docs/iam/#make-the-eks-cluster-endpoint-private">Link</a><span class="r5">       </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> Endpoint is   </span>│<span class="r5">              </span>│<span class="r5"> Endpoint      </span>│<span class="r5">            </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> not Private.  </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r5"> iam          </span>│<span class="r5"> Cluster Wide </span>│<span class="r5"> Update the    </span>│<span class="r5"> aws-node     </span>│<span class="r5"> Daemonset     </span>│<span class="r5"> </span><a class="r5" href="https://aws.github.io/aws-eks-best-practices/security/docs/iam/#update-the-aws-node-daemonset-to-use-irsa">Link</a><span class="r5">       </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> aws-node      </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> daemonset to  </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> use IRSA.     </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r5"> iam          </span>│<span class="r5"> Cluster Wide </span>│<span class="r5"> Restrict      </span>│<span class="r5"> i-03f8e01f9… </span>│<span class="r5"> Node          </span>│<span class="r5"> </span><a class="r5" href="https://aws.github.io/aws-eks-best-practices/security/docs/iam/#when-your-application-needs-access-to-imds-use-imdsv2-and-increase-the-hop-limit-on-ec2-instances-to-2">Link</a><span class="r5">       </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> access to the </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> instance      </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> profile       </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> assigned to   </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> nodes.        </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r6"> iam          </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> ClusterRoles  </span>│<span class="r6">              </span>│<span class="r6"> Cluster Role  </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/security/docs/iam/#employ-least-privileged-access-when-creating-rolebindings-and-clusterrolebindings">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> should not    </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> have &#x27;*&#x27; in   </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> Verbs or      </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> Resources.    </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r5"> multi_tenan… </span>│<span class="r5"> Cluster Wide </span>│<span class="r5"> Namespaces    </span>│<span class="r5"> default      </span>│<span class="r5"> Namepsace     </span>│<span class="r5"> </span><a class="r5" href="https://aws.github.io/aws-eks-best-practices/security/docs/multitenancy/#namespaces">Link</a><span class="r5">       </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> should have   </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> quotas        </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> assigned.     </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r6"> detective_c… </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Enable        </span>│<span class="r6">              </span>│<span class="r6"> Log           </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/security/docs/detective/#enable-audit-logs">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> control plane </span>│<span class="r6">              </span>│<span class="r6"> Configuration </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> logs for      </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> auditing.     </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r5"> network_sec… </span>│<span class="r5"> Cluster Wide </span>│<span class="r5"> Install aws   </span>│<span class="r5"> aws-private… </span>│<span class="r5"> Service       </span>│<span class="r5"> </span><a class="r5" href="https://aws.github.io/aws-eks-best-practices/security/docs/network/#acm-private-ca-with-cert-manager">Link</a><span class="r5">       </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> privateca     </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> issuer for    </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> your          </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> certificates. </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r5"> network_sec… </span>│<span class="r5"> Cluster Wide </span>│<span class="r5"> Namespaces    </span>│<span class="r5"> default      </span>│<span class="r5"> Service       </span>│<span class="r5"> </span><a class="r5" href="https://aws.github.io/aws-eks-best-practices/security/docs/network/#create-a-default-deny-policy">Link</a><span class="r5">       </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> that does not </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> have default  </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> network deny  </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> policies.     </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r6"> encryption_… </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> EBS Storage   </span>│<span class="r6">              </span>│<span class="r6"> StorageClass  </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/security/docs/data/#encryption-at-rest">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> Classes       </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> should have   </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> encryption    </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> parameter.    </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6"> encryption_… </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> EFS           </span>│<span class="r6">              </span>│<span class="r6"> PersistentVo… </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/security/docs/data/#encryption-at-rest">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> Persistent    </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> volumes       </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> should have   </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> tls mount     </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> option.       </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6"> encryption_… </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> EFS           </span>│<span class="r6">              </span>│<span class="r6"> PersistentVo… </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/security/docs/data/#use-efs-access-points-to-simplify-access-to-shared-datasets">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> Persistent    </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> volumes       </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> should        </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> leverage      </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> access        </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> points.       </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6"> infrastruct… </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Place worker  </span>│<span class="r6">              </span>│<span class="r6"> Node          </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/security/docs/hosts/#deploy-workers-onto-private-subnets">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> nodes on      </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> private       </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> subnets.      </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r5"> infrastruct… </span>│<span class="r5"> Cluster Wide </span>│<span class="r5"> Enable Amazon </span>│<span class="r5">              </span>│<span class="r5"> Inspector     </span>│<span class="r5"> </span><a class="r5" href="https://aws.github.io/aws-eks-best-practices/security/docs/hosts/#deploy-workers-onto-private-subnets">Link</a><span class="r5">       </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> Inspector for </span>│<span class="r5">              </span>│<span class="r5"> Configuration </span>│<span class="r5">            </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> ec2 and ecr.  </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r5"> pod_security </span>│<span class="r5"> Cluster Wide </span>│<span class="r5"> Namespaces    </span>│<span class="r5"> default      </span>│<span class="r5"> Namespace     </span>│<span class="r5"> </span><a class="r5" href="https://aws.github.io/aws-eks-best-practices/security/docs/pods/#pod-security-standards-pss-and-pod-security-admission-psa">Link</a><span class="r5">       </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> should have   </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> psa modes.    </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r6"> image_secur… </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Make image    </span>│<span class="r6">              </span>│<span class="r6"> ECR           </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/security/docs/image/#use-immutable-tags-with-ecr">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> tags          </span>│<span class="r6">              </span>│<span class="r6"> Repository    </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> immutable.    </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6"> iam          </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Don&#x27;t bind    </span>│<span class="r6">              </span>│<span class="r6"> RoleBinding   </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/security/docs/iam/#review-and-revoke-unnecessary-anonymous-access">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> roles to      </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> anonymous or  </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> unauthentica… </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> groups.       </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6"> iam          </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Roles should  </span>│<span class="r6">              </span>│<span class="r6"> Role          </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/security/docs/iam/#employ-least-privileged-access-when-creating-rolebindings-and-clusterrolebindings">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> not have &#x27;*&#x27;  </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> in Verbs or   </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> Resources.    </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6"> iam          </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Auto-mounting </span>│<span class="r6">              </span>│<span class="r6"> Pod           </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/security/docs/iam/#disable-auto-mounting-of-service-account-tokens">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> of Service    </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> Account       </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> tokens is not </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> allowed.      </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r5"> iam          </span>│<span class="r5"> default      </span>│<span class="r5"> Running as    </span>│<span class="r5"> web-0        </span>│<span class="r5"> Pod           </span>│<span class="r5"> </span><a class="r5" href="https://aws.github.io/aws-eks-best-practices/security/docs/iam/#run-the-application-as-a-non-root-user">Link</a><span class="r5">       </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> root is not   </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> allowed.      </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r6"> iam          </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Don&#x27;t share   </span>│<span class="r6">              </span>│<span class="r6"> Deployment    </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-dedicated-service-accounts-for-each-application">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> service       </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> accounts      </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> between       </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> Deployments.  </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6"> iam          </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Don&#x27;t share   </span>│<span class="r6">              </span>│<span class="r6"> StatefulSet   </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-dedicated-service-accounts-for-each-application">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> service       </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> accounts      </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> between       </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> StatefulSets. </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6"> iam          </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Don&#x27;t share   </span>│<span class="r6">              </span>│<span class="r6"> DaemonSet     </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/security/docs/iam/#use-dedicated-service-accounts-for-each-application">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> service       </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> accounts      </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> between       </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> DaemonSets.   </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6"> pod_security </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Container     </span>│<span class="r6">              </span>│<span class="r6"> Pod           </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/security/docs/pods/#never-run-docker-in-docker-or-mount-the-socket-in-the-container">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> socket mounts </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> are not       </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> allowed.      </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6"> pod_security </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Restrict the  </span>│<span class="r6">              </span>│<span class="r6"> Pod           </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/security/docs/pods/#restrict-the-use-of-hostpath-or-if-hostpath-is-necessary-restrict-which-prefixes-can-be-used-and-configure-the-volume-as-read-only">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> use of        </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> hostpath.     </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r5"> pod_security </span>│<span class="r5"> default      </span>│<span class="r5"> Set requests  </span>│<span class="r5"> web-0        </span>│<span class="r5"> Pod           </span>│<span class="r5"> </span><a class="r5" href="https://aws.github.io/aws-eks-best-practices/security/docs/pods/#set-requests-and-limits-for-each-container-to-avoid-resource-contention-and-dos-attacks">Link</a><span class="r5">       </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> and limits    </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> for each      </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r5">              </span>│<span class="r5">              </span>│<span class="r5"> container.    </span>│<span class="r5">              </span>│<span class="r5">               </span>│<span class="r5">            </span>│ │
│ │<span class="r6"> pod_security </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Set           </span>│<span class="r6">              </span>│<span class="r6"> Pod           </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/security/docs/pods/#do-not-allow-privileged-escalation">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> allowPrivile… </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> in the pod    </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> spec to       </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> false.        </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6"> pod_security </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Configure     </span>│<span class="r6">              </span>│<span class="r6"> Pod           </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/security/docs/pods/#configure-your-images-with-read-only-root-file-system">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> your images   </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> with a        </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> read-only     </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> root file     </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> system.       </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6"> network_sec… </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Make sure you </span>│<span class="r6">              </span>│<span class="r6"> Service       </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/security/docs/network/#use-encryption-with-aws-load-balancers">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> specify an    </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> ssl cert.     </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6"> encryption_… </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Disallow      </span>│<span class="r6">              </span>│<span class="r6"> Pod           </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/security/docs/data/#use-volume-mounts-instead-of-environment-variables">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> secrets from  </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> env vars.     </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6"> runtime_sec… </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Capabilities  </span>│<span class="r6">              </span>│<span class="r6"> Pod           </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/security/docs/runtime/#consider-adddropping-linux-capabilities-before-writing-seccomp-policies">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> beyond the    </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> allowed list  </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> are           </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> disallowed.   </span>│<span class="r6">              </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ └──────────────┴──────────────┴───────────────┴──────────────┴───────────────┴────────────┘ │
╰─────────────────────────────────────────────────────────────────────────────────────────────╯

╭───────────────────────────────────── <span class="r3">reliability rules</span> ─────────────────────────────────────╮
│ ┏━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━┳━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┓ │
│ ┃<span class="r2"> Section      </span>┃<span class="r2"> Namespace    </span>┃<span class="r2"> Rule              </span>┃<span class="r2"> Resource </span>┃<span class="r2"> Resource Type </span>┃<span class="r2"> Resolution </span>┃ │
│ ┡━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━╇━━━━━━━━━━━━━━━╇━━━━━━━━━━━━┩ │
│ │<span class="r6"> applications </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Metrics server is </span>│<span class="r6">          </span>│<span class="r6"> Service       </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#run-kubernetes-metrics-server">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> not deployed.     </span>│<span class="r6">          </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6"> applications </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Deploy horizontal </span>│<span class="r6">          </span>│<span class="r6"> Deployment    </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#horizontal-pod-autoscaler-hpa">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> pod autoscaler    </span>│<span class="r6">          </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> for deployments.  </span>│<span class="r6">          </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6"> applications </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Spread replicas   </span>│<span class="r6">          </span>│<span class="r6"> Deployment    </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#schedule-replicas-across-nodes">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> across AZs and    </span>│<span class="r6">          </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> Nodes.            </span>│<span class="r6">          </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6"> applications </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Avoid running     </span>│<span class="r6">          </span>│<span class="r6"> Deployment    </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#run-multiple-replicas">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> single replica    </span>│<span class="r6">          </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> deployments.      </span>│<span class="r6">          </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6"> applications </span>│<span class="r6"> Cluster Wide </span>│<span class="r6"> Avoid running     </span>│<span class="r6">          </span>│<span class="r6"> Pod           </span>│<span class="r6"> </span><a class="r6" href="https://aws.github.io/aws-eks-best-practices/reliability/docs/application/#avoid-running-singleton-pods">Link</a><span class="r6">       </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> pods without      </span>│<span class="r6">          </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ │<span class="r6">              </span>│<span class="r6">              </span>│<span class="r6"> deployments.      </span>│<span class="r6">          </span>│<span class="r6">               </span>│<span class="r6">            </span>│ │
│ └──────────────┴──────────────┴───────────────────┴──────────┴───────────────┴────────────┘ │
╰─────────────────────────────────────────────────────────────────────────────────────────────╯

</pre>
    </code>
</body>
</html>
